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IN THE CLAIMS; 

The text of ail pending claims, (including withdrawn claims) is set forth below. Cancelled 
and not entered claims are indicated with claim number and status only. The claims as listed 
below show added text with underlining and deleted text with strikethrough . The status of each 
claim is indicated with one of (original), (currently amended), (cancelled), (withdrawn), (new), 
(previously presented), or (not entered). 

Please AMEND the claims in accordance with the following: 

1 (CURRENTLY AMENDED) A central processing unit o x e cu t in g a pr o gram , 
comprising: 

a first private key concealed in secrecy; 

an encrypting unit obtaining, from a first license of a first program, an access condition 
for accessing a memory region during an execution process of the first program and a code 
decryption kev for decrypting an encrypted block configuring the first program, bv decrypting with 
the first private key the first license of the first program encrypted with a public key pairing with 
the first private kev oncrypting a block and d e crypting an encrypt e d b l ock ; an4 

a tamper resistant buffer that a user cannot reference or faisifyi; 

a Translation Lookaside Bufi^er fTLB) linked to said tamper resistant buffer and recording 
an address of the memory region, at which the encrypted block which configures the first 
program is recorded, and recording the access condition to the memory region obtained from the 
license; 

a memory managing unit: and 

a processor core, wherein: 

a first private key is cone e a l ed4f^seorecy,sa i d e ncrypt i ng unit obtains, from a first li certs e y 
a cod e d e ep 

deeryp t f Rg - w i t h4 h e- first privat e k e y th e fii 
publ ic k e y p alf4n g with the first pr iva t e k e y ; 

the code decryption ke v obtained from said license of the first program is recorded to 
said tamper resistant buffer, 

the f i rst l i c e nse -i nGiud os an a ccess condition used wh e n an e x e cution - proc e ss of th e fi rs t 
program acc e sses a- m e mo r y r e g i on, and 

wh o r oi n sa i d c e ntr al processing - w i- t - fyFt he r inc l udes: 

^Tr ans la t io n L ookasid e Buff ^er (TLB) r e cord i ng an a dd r e s s of th e m e mory r e g i on, at 
which the encrypt e d b l oc k which co n fi guros the first program i s r e corded, and the acc e ss 
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condition to th e m e moiy - r e§i eR 7 




a proce ssor eer e,- 

wh oroi n c ard TLB a n d s a i d tamp e r Fesis t an t - buff e r are \ i B ke4j 

whefeifhsaid memory managing unit obtains the access condition to the memory region 
at which the encrypted block is recorded from said TLB based on an address of^ of the memory 
regionT-at-Afttf^teh -arv e nGrypt o d block is r e corded, and further obtains the code decryption key 
corresponding to the memory region from said tamper resistant buffer, and 

w h e r - e i n -said processor core dete rm i n e s wh e ther permits an access to the memory 
region i s p e rm i tted to bo mad e f rom the execution process of the first program based on the 
access condition obtained by said memory managing uni t, and th e acc e ss te the memory r e gion 
is made from th e e xeout i en proc e ss if sa i d proo e s s er core det e miin e s thotthe access to th e 
memory r e gion i s permitted to be made and, 

wh e r ei n s aid encrypt i ng unit writ e & - to sa i d cache a code obta ine d by decrypting th e 
encrypted b l ock within tho memory region with the code d o oryption k o y obtained by oaid m e mory 
managing unit . 

2. (PREViOUSLY PRESENTED) The central processing unit according to claim 1, 
wherein said encrypting unit decrypts the encrypted block in unite of cache when the encrypted 
block which configures the first program is output from a memory region to said cache. 

3. (CANCELLED) 

4, (CANCELLED) 

5, (PREVIOUSLY PRESENTED) The central processing unit according to claim 1, 
wherein the code decryption key and the encryption key used to encrypt the encrypted block are 
a same key. 

0 {PREVIOUSLY PRESENTED) The central processing unit according to claim 1 , 
wherein when a memory region accessed from the execution process of the first program 
switches from a first memory region to a second memory region, said memory managing unit 
further determines whether or not a code decryption key corresponding to the first memory 



3 



Serial No, 10/614,921 

region, which is obtained from said tamper resistant buffer, and a code decryption key 
corresponding to the second memory region match, and an access is made to the second 
memory region from the execution process if said memory managing unit determines that the 
code decryption keys match, or the access to the second memory region is not made from the 
execution process if said memory managing unit determines that the code decryption keys 
mismatch, 

1, (WITHDRAWN) The central processing unit according to claim 2, wherein the first 
license is buried in the first program. 

8. {PREVIOUSLY PRESENTED) The central processing unit according to claim 1, 
wherein: 

a different data encryption key is recorded to said tamper resistant buffer for each code 
decryption key; 

said encrypting unit records data within said c^che to the memory region that is 
corresponded to the data decryption key by said TLB after encrypting the data with the data 
decryption key when recording the data to the memory region, and writes encrypted data \A^thin 
the memory region to said cache after decrypting the read data with the data encryption key 
when reading the encrypted data within the memory region. 

9. (ORIGINAL) The central processing unit according to claim 8, wherein when data 
obtained by executing a first code is used by a second code, said processor core sets said TLB 
so as to provide the second code with an access right to a memory region to which the data is 
recorded, and also sets said TLB ancf said tamper resistant buffer so Uiat the second code uses 
a data encryption key for encrypting the data when reading the data from the memory region, 

10. (PREVIOUSLY PRESENTED) The central processing unit according to claim 1, 
further comprising; 

a register; and 

a register access control table for performing access control for said register, 
wherein said processor core controls sealing and release of said register with a sealing 
flag within said register access control table. 

11 (PREVIOUSLY PRESENTED) The central processing unit according to claim 1, 
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wherein when contents of said TLB is recorded to a page table within an external storage device, 
said encrypting unit affixes a signature to the contents to be recorded, and verifies whether or 
not the signature is legal when contents of the page table is captured into said TLB. 

12. (PREVIOUSLY PRESENTED) The central processing unit according to claim 1, 
wherein when contents of said tamper resistant buffer is recorded to an encryption key table 
within an external storage device, said encrypting unit encrypts the contents to be recorded, 

13. (WITHDRAWN) The central processing unit according to claim 2, which is 
connected to a different central processing unit, wherein: 

a session key is obtained by making mutual authentication with the different central 
processing unit; and 

said encrypting unit encrypts contents of said cache with the session key, and 
synchronously transfers the contents to the different central processing unit. 

14. (WITHDRAWN) The central processing unit according to claim 2, wherein said 
encrypting unit obtains a private key encryption key used when a second private key is encrypted 
by decrypting a second license added to a second program with a public key before the first 
program is executed, and decrypts the second private key with the obtained private key 
encryption key, 

15. (WITHDRAWN) The central processing unit according to claim 14, wherein: 

an access condition indicating that only a read can be made from an execution process 
of the first program is added to the second license; and 

the second private key can be read only from the execution process of the first program. 

16. (WITHDRAWN) The central processing unit according to claim 14, wherein the 
second private key is encrypted with a data encryption key and recorded to a memory region. 

17. (PREVIOUSLY PRESENTED) The central processing unit according to claim 1, 
wherein: 

said tamper resistant buffer records unable4o-output information indicating whether or 
not to output corresponding information within said tamper resistant buffer to an outside of said 
tamper resistant buffer, and cache lock information indicating whether or not to output 
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corresponding information to an outside of said cache; and 

a move of ihe first license between the first program and a different program is managed 
based on the unable-to-output information and the cache lock information. 

18. (WITHDRAWN) The central processing unit according to claim 2, wherein the first 
program is a taisted computing module. 

19. (WITHDRAWN) The central processing unit according to claim 2, wherein the first 
program Is a program for causing the central processing unit to implement an electronic wallet. 

20. (WITHDRAWN) The central processing unit according to claim 2, wherein the first 
program is a program handling personal information. 

21. (WITHDRAWN) The central processing unit according to claim 2, wherein the first 
program Is a virus check program of a code installed in the central processing unit. 

22. (WITHDRAWN) The central processing unit according to claim 2, wherein the first 
program is a mobile agent that moves among a plurality of central processing units. 

23. (WITHDRAWN) The central processing unit according to claim 2, wherein: 
the block which configures the first program includes hash verification 

requirement/nonrequirement information indicating whether or not verification of a hash value of 

the block is required; and 

a hash unit calculating the hash value of the block, and adding the hash value to ttie 
block based on the hash verification requirement/nonrequirement information, and 

a hash verifying unit verifying the hash value of the block based on the hash verification 
requirement/nonrequirement infontiation are further comprised. 

24. (WITHDRAWN) The central processing unit according to claim 2, wherein; 
the block which configures the first program includes encryption 

requirement/nonrequirement information indicating whether or not the block requires protection; 
and 

a protection block selecting unit determining \ftrtiether the block is output either to said 
encrypting unit or to said cache or a memory region unchanged based on the encryption 
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requirement/nonrequirement information is further comprised. 



25. (WITHDRAWN) The centra! processing unit according to claim 2, wherein: 

a header of an executable file of the first program includes an encrypted block bitmap 
indicating a configuration of the block which configures the first program; and 

a protection block selecting unit determining whether the block is output either to said 
encrypting unit or to the cache or a memory region unchanged based on the encrypted block 
bitmap is further comprised. 

26, (WITHDRAWN) The central processing unit according to claim 2, wherein: 

a start of a code of the first program is a code which specifies that a plurality of blocks 
configuring the first program are a repetition of a combination of a plain text block and an 
encrypted block, and also specifies a number of successive plain text blocks, and a number of 
successive encrypted blocks in the combination; and 

said processor core determines whether the block is output either to said encrypting unit 
or to said cache or a memory region unchanged by executing the code. 

27, (WITHDRAWN) The central processing unit according to claim 2, further comprising 
between said cache and a memory 

a cache line via said encrypting unit, and 
a cache line not via said encrypting unit. 

28. (CURRENTLY AMENDED) A computer comprising: 
a central processing unit comprising: 

a first private key concealed in secrecy; 

an encrypting unit obtaining, from a first license of a first program, an access 
condition for accessing a memory region during an execution process of the first program 
and a code decryption key for decrypting an encrypted block configuring the first 
program, by decrypting with the first private key the first license of the first program 
encrypted with a public key pairing with the first private kev o ncrypt i ng o block a nd 
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configures the first program is recorded, and recordin<3 the access condition to the 
memory region obtained from the license; 

a memory managing unit; and 

a processor core, wherein: 
a- f i fst - pr i v ate -k e y is conce a l ed-H^e9 F o cy , s ai d encrypting w i t - obt airi S r # o m - a f i rst licens er 
a co d e deory ption k e y for decrypting an encryp ted blo ck wh i ch c onfi g u r e s a first ^ ^ by 



ho f irst pri vate key th e first l icense of th e first program, w h ich jsr-e ncrypted w i th a 




the code decryption ke v obtained from said ticense of the first program is recorded to 
said tamper resistant buffer, 

th e first l ic e nse i ndud e s an acc e ss cond i tion used when an e x e cution proo o ss of the fi rs t 
program acc e ss es a m e mory region, and wh e r e in sa i d c e ntral proc e s s in g- unit - fuftlior i noludes:a 
Translation Look a s i de Buffer (TLB) rooording an addr e ss of the m e mory regio n, at wh i ch the 
encrypted block w t^ eh conf i gures the first program i s recorded, and th e aco e ss condition to th e 
memory r e gion, a memory managing un i t, a c a ch e r ^ nd a processor oor e ,wher Gi n sa i d TLB and 
said tamp e r resistant buffer are li nked, 

wh e r ei n said memory managing unit obtains the access condition to the memory region 
at which the encn/pted block is recorded f rom said TLB based on an address ef-a of the memory 
region , at whi c h a n o noryptod b l oc k is r e cord e d , and further obtains the code decryption key 
corresponding to the memory region from said tamper resistant buffer and 

wherein said processor core dot o rmines v\^ e th e r permits an access to the memory 
region i s p o rm i tt o d to be mad e f rom the execution process of the first program based on the 
access condition obtained by said memory managing uni t, and th o accoss to the memory region 
is made from t l ^ 
me m or y r e gion i s permitted to 

code o btain e d - by - d e c f ypting the e n er ypt e d b l o ck wi th in the m e mory - r e gion - w i th the cod e 
^ryption key obtained by said memory m a n a ging un i t 




29, (WITHDRAWN) The central processing unit of claim 1, wherein said central 
processing unit is set in an IC card, 

30. (WITHDRAWN) The central processing unit according to claim 29, wherein the first 
program is a program for implementing a security function of the IC card. 
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31 . (WITHDRAWN) The central processing unit according to claim 2, which is mounted 
in a robot, wherein the first program is a control program for controlling the robot. 

32. (WITHDRAWN) A recording device in which is recorded a program for causing a 
central processing unit to execute a process of a control for giving authorization to execute a 
protection program, wherein, the protection program to be encrypted with a code encryption key, 
and a license, which includes the code encryption key and is encrypted with a public key pairing 
with a private key comprised in secrecy within the centra! processing unit, is provided in 
correspondence with the protection program, wherein the central processing unit includes an 
encrypting unit encrypting a block and decrypting an encrypted block, wherein a first private key 
is concealed in secrecy^ and said encrypting unit obtains from a first license a code decryption 
key for decrypting an encrypted block which configures a first program by decrypting with the first 
private key the first license of the first program, v&i\ch is encrypted with a public key pairing with 
the first private key, the process comprising: 

entering the license into the central processing unit before the central processing unit 
executes the protection program; 

causing an encrypting unit comprised by the central processing unit to obtain tiie code 
encryption key from the license by decrypting the license with the private key; and 

causing the encrypting unit to decrypt the protection program with the code encryption 

key. 

33. (WITHDRAWN) A program execution authorization method giving authorization to 
execute a protection program to a central processing unit, wherein, the protection code program 
is encrypted wth a code encryption key, and a license, which includes the code encryption key 
and is encrypted with a public key pairing with a private key comprised within the central 
processing unit, is provided in correspondence with the protection program, and the central 
processing unit includes an encrypting unit encrypting a block and decrypting an encrypted 
block, wherein a first private key is concealed in secrecy, and said encrypting unit obtains from a 
first license a code decryption key for decrypting an encrypted block which configures a first 
program by decrypting with the first private key the first license of the first program, which is 
encrypted with a public key pairing with the first private key said method comprising: 

causing the central processing unit to obtain the license before executing the protection 
program; 

causing the central processing unit to obtain the code encryption key from the license by 
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decrypting the license with the private key; and 

causing the centra! processing unit to decrypt the protection program with the code 
encryption key. 

34. (WITHDRAWN-CURRENTLY AMENDED) A computer-readable storage medium 
storing a m ethod exe cuted by a central processing unit for decn/ptjng en-whieh-i s r e c o rd e d a 
program code e x ecu t ed b y a comput e r , wh efen^ according to operations comprising : 



entering a license into the central processing unit before the program code is executed, 
wherein a-the license, which includes the-a_code encryption keyj,af»d-is encrypted with a public 
ke y which is pafiBg-paired with a private key comprised in s e cr e o v hidden within a-the central 
processing uni t compris ed by the c omput e r to ex e cute th e program code, . ^andLis provided in 
correspondence with the program code; 

th e li c e ns e i s e nter ed into th o o o ntra l processing unit befor e th e p rogram c ode i s 
ex e cuted; 

decn/oting t he license is d e crypt e d w ith the private key bv -wth t he central processing 
unit; and 

decrvpting t he program code is decrypt e d w ith the code encryption key obtained from the 
license by -wth t he central processing unit. 

35. (WITHDRAWN) A program generating device generating a program executed by a 
central processing unit having an encrypting unit encrypting a block, and decrypting an 
encrypted block, wherein a first private key is concealed in secrecy, and the encrypting unit 
obtains from a first license a code decryption key for decrypting an encrypted block which 
configures a first program by decrypting with the first private key the first license of the first 
program, which is encrypted with a public key pairing with the first private key, said program 
generating device comprising: 

an inputting unit inputting a code object, 

a linker preprocessing unit dividing the input code object into a plurality of blocks, and 
adding an NOP instruction to each of the plurality of blocks, 
a linker unit making an address resolution, 

a protection code executable format generating unit generating a protection code 
executable format by encrypting each of the plurality of blocks with a code encryption key, and 
a license generating unit generating a license that includes the code encryption key and 
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is encrypted with a public key pairing with the private key, wherein: 

the license is entered into the central processing unit before the computer executes the 
protection code executable format, and decrypted with the private key by the encrypting unit; and 

the protection code executable format is decrypted with the code encryption key obtained 
from the license by the encrypting unit. 



36. (CURRENTLY AMENDED) A central processing uni t oxocuting a program , 
comprising: 

a first private kev concealed in secrecv 

encrypting means for obtaining, from a first license of a first program, an access 
condition for accessing a memory region during an execution process of the first program and a 
code decryption kev for decrypting an encrypted block configuring the first program, bv 
decrypting with the first private kev the first license of the first program encrypted with a public 
key pairing wth the first private ke vo ncrvpting a block, and docrypt i ng an enorypt o d b l ock; and 

a tamper resistant buffer that a user cannot reference or fateif wfalsify; 

a Translation Lookaside Buffer (TLB) linked to said tamper resistant buffer and recording 
an address of the memory region, at which the encrwted block which configures the first 
program is recorded, and recording the access condition to the memory region obtained from the 
license; 

a memory managing means; and 

a processor core, w herein: 

a first pr i vat e koy is conc e al e d in se er e ey; 

s ai d en cry pti n g- means obtains from a first license a code decryption key for d e crypt i ng 
on encrypt e d block which configur e s a first ; 




the code decryption ke y obtained from said license of the first program is recorded to 
said tamper resistant buffer, 



p rogram - aGCOSSGS a memory r e g io n i and 



a T ran s la ti on Lookasid o Buf fer (TLB) r ecording an address of t h e- m e mory r e gi on , 
at vtfhich th e- e ncrypt e d block whi c h - co nfigur os the first program-ts ^- r o corded. and th e 
acc e ss condit i on to the m e mory r eg ion, 
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a cache, and 
a proc e ssor - Gor ey 

wherein sa i d TLB an d c a id tamper r e sist a nt buff ei^^fe4ffikedT 

where i n said memory managing means obtains the access condition to the memory 
region at which the encrypted block is recorded from said TLB based on an address of^ of the 
memory region , at which an ef K^rypted bloc i ^ i s r eco rd e d r and further obtains the code decryption 
key conresponding to the memory region from said tamper resistant buffer. and 

where i n said processor core determin e s wh e th e rg girmts an access to the memory region 
i s p o rmitt e d to bo made f rom the execution process of the first program based on the access 
condition obtained by said memory managing means r and the access to the memory reg i on is 
mod o from the ex e cution proc e ss if said proc e ssor core dotermin e s that theaGoe s s to the 
m e mory region is p e m i tte^t - to - be made> and 

where i n sa i d e nGfypt i ng means writ e s to said cache a cod e obtained by decrypting the 
e ri^ryptod b l oc l < w i thin tho memory region with th e oodo decrypt i on k e y obta i n e d by said m e mory 
maff ag tng means , 

37. (WITHDRAWN) A program product having a program for causing a central 
processing unit to execute a process of a control for authorization to execute a protection 
program, wherein, the protection program to be encrypted with a code encryption key, and a 
license, which includes the code encryption key and is encrypted with a public key pairing with a 
private key comprised in secrecy within the central processing unit, is provided in 
correspondence with the protection program, and the central processing unit includes an 
encrypting unit encrypting a bfock, and decrypting an encrypted block wherein a first private key 
is concealed in secrecy, and said encrypting unit obtains from a first license a code decryption 
key for decrypting an encrypted block which configures a first program by decrypting with the first 
private key the first license of the first program, which is encrypted with a public key pairing with 
the first private key, the process comprising: 

entering the license into the central processing unit before the central processing unit 
executes the protection program; 

causing an encrypting unit comprised by the central processing unit to obtain the code 
encryption key from the license by decrypting the license with the private key; and 

causing the encrypting unit to decrypt the protection program with the code encryption 

key. 
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38. (WITHDRAWN) A program product having a program code executed by a computer, 
wherein: 

the program code is encrypted with a code encryption key; 

a license, which includes the code encryption key and is encrypted with a public key 
paring with a private key comprised in secrecy within a central processing unit comprised by the 
computer to execute the program code, is provided in correspondence with the program code; 

the license is entered into the central processing unit before the program code is 
executed; 

the license is decrypted with the private key by the central processing unit; and 
the program code is decrypted with the code encryption key obtained from the license by 
the central processing unit. 



13 



